W6GKD: Difference between revisions

From Wildsong
Jump to navigationJump to search
Brian Wilson (talk | contribs)
mNo edit summary
Brian Wilson (talk | contribs)
mNo edit summary
Line 55: Line 55:
Install a WARP client on Android it's called "Cloudflare One Agent", there is a separate WARP client but you don't need that.
Install a WARP client on Android it's called "Cloudflare One Agent", there is a separate WARP client but you don't need that.


WARP is the client side of a Zero Trust VPN client but routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet to test it; it might or might not stay there. I will probably put it on my laptop. The laptop version allows selective use. I can decide which web sites get tunneled and which go direct.
WARP is the client side of a Zero Trust VPN client but routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet and my laptop. The laptop version allows selective use; this means I can decide which web sites get tunneled and which go direct.


== Enabled swap ==
== Enabled swap ==
Line 93: Line 93:
Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS.
Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS.
This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet.
This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet.
== Resources ==
Download WARP clients for Cloudflare Zero Trust [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/download-warp/ here].




[[Category:Radio]]
[[Category:Radio]]

Revision as of 16:12, 10 January 2024

W6GKD is my call sign and it's also the name of a virtual server that hosts services for me.

Currently it runs Debian 11

Some hostnames supported here are proxied in Cloudflare. For direction connection via ssh use w6gkd.wildsong.biz

History

2024-01-09 I am out of RAM and out of disk space and out of swap space, I could upgrade again to 2 GB and 40GB at $10/month but it just staves off feature creep. Instead I will do some relocating. I don't even have enough disk space to increase swap space right now.

2022-04-24 Upgraded to CS-2 machine, giving me 1GB RAM and 30GB filespace. ($2.5 -> $4/month) 2021-12-24 Provisioned at Debian 10.04 then upgraded immediately to Bullseye (Debian 11)

Cloudflare Zero Trust

I need to move some resources off of this virtual machine because I am running out of space. I can use a third party proxy to relocate services to other servers. The proxy could be the Cloudflare Zero Trust service. I should be able to completely eliminate the Varnish cache and reverse proxy running on this host and then I can move my wiki to an Oracle VM and then put a database replica on Bellman.

What runs here? Can I move it? Where? Notes
ssh no use a different dns name to access it
wiki yes Oracle Requires PHP and MySQL Replicate database on Bellman. Use webhooks to back up files.
hupi.org yes Oracle Requires PHP
smtp no not worth it
imap no not worth it
Varnish no

WARP

Install a WARP client on Android it's called "Cloudflare One Agent", there is a separate WARP client but you don't need that.

WARP is the client side of a Zero Trust VPN client but routes all traffic from the device it's installed on through a proxy operated by Cloudflare. I put it on my tablet and my laptop. The laptop version allows selective use; this means I can decide which web sites get tunneled and which go direct.

Enabled swap

While I wait for the CS-1 to CS-2 upgrade, and while experiencing lockups due to memory exhaustion, I enabled swap.

https://help.ubuntu.com/community/SwapFaq#What_is_swappiness_and_how_do_I_change_it.3F

fallocate -l 1g /mnt/1GiB.swap
chmod 600 /mnt/1GiB.swap
mkswap /mnt/1GiB.swap
swapon /mnt/1GiB.swap
echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab
free
              total        used        free      shared  buff/cache   available
Mem:          471680      276880       15992        1884      178808      180696
Swap:        1048572       67156      981416
                           ^^^^^ yep - doing "docker-compose up" hits swap space.

Packages installed

sudo
certbot
python-certbot-dns-cloudflare-doc
python3-certbot-dns-cloudflare
postfix
postgrey

Docker installed from https://docs.docker.com/engine/install/debian/

I stood up an instance of nginx to get things tested using the command

docker run --name w6gkd -v /home/bwilson/html:/usr/share/nginx/html:ro -p 80:80 -d nginx

Since https://w6gkd.radio/ is proxied through Cloudflare I did not have to set up HTTPS. This is convenient. But it means traffic between Cloudflare and Tektonic is not encrypted yet.

Resources

Download WARP clients for Cloudflare Zero Trust here.